As the lives of ordinary consumers have become increasingly involved with network computing environments, such as the Internet, the need for secure communication has increased. For example, secure communication is needed to make purchases of items from an e-commerce website, to pay for services such as streaming video or streaming audio, to monitor a bank account and set up transfers, or to transmit and receive confidential information, such as account information or credit card numbers, the distribution of which could cause significant personal and/or financial harm.
Over the years developers have produced a number of secure communication schemes and techniques in order to facilitate interactions over the web or over the Internet more generally. One approach to secure communications involves cryptographic protocols like secure sockets layer (SSL) and transport layer security (TLS, although often referred to as SSL as well) that can provide for a public key infrastructure (PKI) which binds public keys with a certificate provided by a trusted certificate authority. A certificate authority is an entity that issues digital certificates and associated public keys, which can then be used to establish that a contacted service or associated server has been verified and can be trusted.
When a service requiring a level of trust is to be provided by servers associated with a domain, such as www.exampledomain.com, a certificate can be issued that identifies www.exampledomain.com and includes a public encryption key that can be used in PKI-based authentication approaches along with a private encryption key. Because a user of the service trusts the certificate authority, the user may feel comfortable trusting a public encryption key associated with a digital certificate issued by that certificate authority. Corporations or other entities that provide information, products, services, etc., over the Internet may need many such certificates. Developers or network administrators employed by such an entity can request needed certificates from an issuing certificate authority.
However, current approaches to requesting and obtaining digital certificates can result in insecure handling and sharing of the digital certificates with their associated public keys. For example, private keys generated as part of the digital certificate creation process may be insecurely handled and shared in the process of trying to collaborate with other employees and to deploy the certificates to servers providing the domain or domains associated with the digital certificates. Accordingly, current approaches to the creation and management of digital certificates and associated encryption keys have not been entirely satisfactory.